CVE Database

CVE-2026-23776

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.…

7,2 High Apr 17, 2026

CVE-2026-23779

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.…

6,7 Medium Apr 17, 2026

CVE-2026-35072

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0…

6,7 Medium Apr 17, 2026

CVE-2026-35073

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0…

6,7 Medium Apr 17, 2026

CVE-2026-35074

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0…

6,7 Medium Apr 17, 2026

CVE-2026-35153

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0…

6,7 Medium Apr 17, 2026

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are…

6,9 Medium Apr 17, 2026

CVE-2026-6483

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. …

7,2 High Apr 17, 2026

CVE-2026-39350

Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1,…

5,4 Medium Apr 15, 2026

CVE-2026-40179

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site s…

5,3 Medium Apr 15, 2026

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, …

8,7 High Apr 15, 2026

CVE-2026-40316

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 …

8,8 High Apr 15, 2026

CVE-2026-4949

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vul…

4,3 Medium Apr 15, 2026

CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-sup…

8,2 High Apr 16, 2026

CVE-2026-40245

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disc…

7,5 High Apr 16, 2026

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.

2,9 Low Apr 16, 2026

CVE-2026-4880

The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege …

9,8 Critical Apr 16, 2026

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interfa…

5,4 Medium Apr 16, 2026

CVE-2026-40502

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive …

8,8 High Apr 16, 2026

CVE-2026-40503

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files…

6,5 Medium Apr 16, 2026

CVE-2026-40959

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.

9,3 Critical Apr 16, 2026

CVE-2026-40960

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.…

8,1 High Apr 16, 2026

CVE-2026-3299

The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and in…

6,4 Medium Apr 16, 2026

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bou…

9,8 Critical Apr 16, 2026

CVE-2026-40505

MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequenc…

3,3 Low Apr 16, 2026

CVE-2026-40962

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.

4,9 Medium Apr 16, 2026

CVE-2026-1880

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improp…

5,4 Medium Apr 16, 2026

CVE-2026-3428

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege e…

5,4 Medium Apr 16, 2026

CVE-2026-3885

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode …

6,4 Medium Apr 16, 2026

CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed…

7,4 High Apr 16, 2026

CVE-2026-6348

WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitra…

8,8 High Apr 16, 2026

CVE-2026-6349

The  iSherlock developed by HGiga  has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS command…

10,0 Critical Apr 16, 2026

CVE-2026-6350

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the p…

9,8 Critical Apr 16, 2026

CVE-2026-6351

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability…

7,5 High Apr 16, 2026

CVE-2026-3878

The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, an…

6,4 Medium Apr 16, 2026

CVE-2026-4032

The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up …

6,1 Medium Apr 16, 2026

CVE-2026-5070

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32…

6,4 Medium Apr 16, 2026

CVE-2023-3634

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which c…

8,8 High Apr 16, 2026

CVE-2023-5872

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a…

4,3 Medium Apr 16, 2026

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and …

6,0 Medium Apr 16, 2026

CVE-2026-22616

Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rat…

6,5 Medium Apr 16, 2026

CVE-2026-40118

UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an ac…

6,3 Medium Apr 16, 2026

CVE-2026-22617

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and…

5,7 Medium Apr 16, 2026

CVE-2026-22618

A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribu…

5,9 Medium Apr 16, 2026

CVE-2026-22619

Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an…

7,8 High Apr 16, 2026

CVE-2026-3551

The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up…

4,4 Medium Apr 16, 2026

CVE-2026-3581

The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to …

5,3 Medium Apr 16, 2026

CVE-2026-3595

The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to t…

5,3 Medium Apr 16, 2026

CVE-2026-3596

The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin regis…

9,8 Critical Apr 16, 2026

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-js…

7,5 High Apr 16, 2026